From 7067660884bb78f664992cfe8c691b478a22b195 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 18 Nov 2021 20:55:49 +0100
Subject: Track two new rouncube issues

---
 data/CVE/list.2021 | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index db0083ec6f..1ff37ef5b8 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -1,3 +1,12 @@
+CVE-2021-XXXX [XSS issue in handling attachment filename extension in mimetype mismatch warning]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+	NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-XXXX [SQL injection via some session variables]
+	- roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+	NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
 CVE-2021-43998
 	RESERVED
 CVE-2021-43997 (Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU p ...)
-- 
cgit v1.2.3